Privacy

The Institutes for Behavior Resources, Inc. (“IBR”, “us”, “we”, “our”, “SAFTE-FAST”) is committed to protecting the privacy of the businesses, organizations and individuals that contract or register with us to utilize our software and services.

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your PII.

If you have questions or complaints regarding IBR’s Privacy Policy or associated practices or if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at info@ibrinc.org.

Privacy Shield

IBR has adopted the European – United States (EU-U.S.) Privacy Shield Framework as set forth by the U.S. Department of Commerce (the “Principles”). IBR confirms that it is compliant with the Principles regarding personal information that is transferred from the EU to the U.S. If a conflict between the terms in this Privacy Shield Policy and the Principles should arise over concerns regarding Personal Data received under the Privacy Shield, the Principles shall govern. IBR is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

For more on Privacy Shield, see privacyshield.gov.

Notice & Choice

IBR may receive personal data in the form of work schedules from an organization, for the purpose of determining fatigue-related risks. IBR applications allow entry of proposed schedules and generate graphical predictions of performance along with tables of estimated effectiveness scores for objective comparison. This data may include basic personal information about workplace personnel, such as names and/or employee identification number, however IBR only uses data relevant to the service provided and is processed only as permitted by the Principles.

Notice to individuals regarding the collection, use, and/or transfer of the personal data described above is provided in contracts or agreements.

If for any reason the data is to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized, IBR will request your consent beforehand.

Individuals may have the right to limit the use and disclosure of their personal information as required by the Privacy Shield’s Principles, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you. If you wish to limit the use and disclosure of personal information in accordance with the Privacy Shield Principles, please contact us at info@ibrinc.org.

Accountability for Onward Transfer

IBR will not provide personal data to any third-party organizations without express permission. IBR will remain responsible and liable for the work provided by any such third-party organization. Contracts with third-party organizations are maintained and noted that the third party will apply the same level of protection for Personal Data as is required by the Privacy Policy Notice and Choice Principles. The third-party organization also agrees to notify IBR if it can no longer meet its obligation. If this determination is met, the third-party ceases processing or will take appropriate steps of remediation.

If the use of a third party is necessary, IBR will obtain consent through a contract/agreement, outlining the type of personal data collected and used. IBR will provide information on the nature, type, or manner of the third-party organization(s). Personal data will not be shared with a third-party organization without consent. Additionally, disclosure of personal information may be necessary to meet a legal obligation or a lawful request by public authorities, including to meet national security or law enforcement requirements.

Security

IBR takes reasonable and appropriate measures to protect the personal data that it creates, maintains, uses, or disseminates to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction. These measures consider the risks involved in the processing and the nature of the personal data.

Data Integrity and Purpose Limitation

IBR collects and processes personal data only to the extent that is necessary to provide its services. IBR will notify and obtain your consent if we use your personal data in any other manner. IBR will take reasonable steps necessary to ensure that personal data is accurate, complete, current, and reliable for its intended use.

Access

Individuals whose personal data is held by IBR have the right to request access to the personal data to review, correct, update, suppress, or delete it if it is inaccurate or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks of the individual’s privacy, or where the rights of persons other than the individual would be violated. Requests to review and correct the personal data can be made to info@ibrinc.org.

Recourse, Enforcement and Dispute Resolution

IBR remains committed to resolve complaints about the use or disclosure of personal data, consistent with the Principles. See contact information for inquiries or complaints. If the issue remains unresolved or not addressed satisfactorily, you may contact JAMS at www.jamsadr.com/eu-us-privacy-shield JAMS provides an independent third-party dispute resolution body based in the United States, and they will investigate and assist you at no expense. If the issue involves human resources personal data, IBR will adhere to the competent EU data protection authorities and comply with their advice. You may have the option to invoke binding arbitration under the Privacy Shield Panel to address residual complaints. See www.privacyshield.gov.

What personal information do we collect?

When obtaining schedules of our clients, as appropriate, we may receive additional information related to an employee such as email address, mailing address, phone number, company name, company size.

Basic contact information may be collected when an individual requests additional information from IBR or SAFTE-FAST websites
System use requirements and contact information may be collected when we are provided with contractual documents (Request for Proposal, Contract Agreement, Change Request, etc.)
We will collect scheduling, sleep, operational, or other data as provided by the customer (Customer Data) when provided with sample data for systems integration, testing, verification, support, or other research purposes
Standard internet technologies, such as cookies, are used to keep track of interactions with the website and web applications

When do we collect information?

We collect information through the normal course of business with our clients.

Customers may electronically submit data or information to our software or support services (“Customer Data”)
IBR will not review, share, distribute, or reference any such Customer Data except as defined in approved contractual documents, or as may be required by law. In accordance with IBR and the Customer’s contractual documents, IBR may access Customer Data only for the purposes of providing the services, preventing or addressing service or technical problems, at a Customer’s request in connection with customer support matters, or as may be required by law

How do we use your information?

Customer Data is used to determine risk associated with fatigue. This data is analyzed and used to generate graphical predictions of performance along with tables of estimated effectiveness scores for objective comparison.

Information is collected to provide Customers with the software and services they may request
Collected information can be used to provide customers with additional information about our software, services, promotions, and events
Collected information can be used to improve our software and services
We do not share, sell, rent, or trade personally identifiable information with third parties for their promotional purposes. IBR may share information collected with other companies that work on IBR’s behalf
Robust security measures are used to protect information

How do we protect visitor information?

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when entering, submitting, or accessing information to maintain the safety of your personal information.

Communication Preferences

Marketing emails from IBR include instructions on how to opt out of receiving further marketing emails
Email is primarily used for direct customer communication. If alternate contact methods are requested by the Customer (phone, internet-based meetings, or chat), IBR will maintain primary contact method(s) as part of basic contact information

COPPA (Children Online Privacy Protection Act)

The Children’s Online Privacy Protection Act (COPPA) requires websites that market to, serve, or attract children under thirteen (13) to engage in certain procedures to protect those children’s privacy and interest, including the provision of certain rights to parents. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. IBR does not market to, serve or attract children under thirteen (13).

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

To be in line with Fair Information Practices, should a data breach occur, we will notify the users via email within 1 business day.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address to:

Send information and respond to inquiries and/or other requests or questions
Process orders and send information and updates pertaining to orders
Send you additional information related to your product and/or service

To be in accordance with CAN-SPAM we agree to:

NOT use false, or misleading subjects or email addresses
Identify the message as an advertisement in some reasonable way
Include the physical address of our business or site headquarters
Monitor third-party email marketing services for compliance, if one is used
Honor opt-out/unsubscribe requests quickly
Allow users to unsubscribe by using the link at the bottom of each email

If at any time you would like to unsubscribe from receiving future emails, you can email us at info@ibrinc.org and we will promptly remove you from ALL correspondence.

Contact

If you have any questions regarding IBR’s Privacy Policy, please contact IBR at:

Institutes for Behavior Resources, Inc. (IBR)
2104 Maryland Avenue
Baltimore, Maryland, 21218
USA

info@ibrinc.org

Last Edited on 2020-07-15